[Feature]: Can this be part of the roadmap for practical use case as top priority. tls / ktls support first.

Question

[Feature]: Can this be part of the roadmap for practical use case as top priority. tls / ktls support first.

ouvaa opened this issue 5 months ago · comments

ouvaa commented 5 months ago

Description of new feature

gnet-ktls
gnet-ktls-h2
gnet-ktls-h2-iouring

once all the above is done, it's "perfect"

Scenarios for new feature

for use in real world scenario behind cloudflare as cloudflare only supports grpc with http2
https://developers.cloudflare.com/network/grpc-connections/
Enable gRPC
Requirements
Your gRPC endpoint must listen on port 443.
Your gRPC endpoint must support TLS and HTTP/2.
HTTP/2 must be advertised over ALPN.

possible to make this happen? thx.
please pull the ktls as currently having issues with the dependencies. also, you can pull into dev branch.

Breaking changes or not?

Yes

Code snippets (optional)

No response

Alternatives for new feature

None.

Additional context (optional)

None.

ouvaa · Answer 1 · Tue Feb 27 2024 01:28:15 GMT+0800 (China Standard Time)

@panjf2000 will be one of your sponsor if this is part of the roadmap.
do make this gnet-ktls or gnet-ktls-h2 happen for now.

ouvaa · Answer 2 · Thu Mar 28 2024 19:04:56 GMT+0800 (China Standard Time)

@panjf2000 sorry i just realised i asked before.
but do put this as top priority. thx

Andy Pan · Answer 3 · Thu Mar 28 2024 20:20:32 GMT+0800 (China Standard Time)

Implementing TLS for gnet is not a trivial job and I'm not sure that I have much time in the near future. Therefore I can't guarantee an ETA on this. If you're in a hurry, you may want to seek out other off-the-shelf solutions.

ouvaa · Answer 4 · Thu Mar 28 2024 20:46:24 GMT+0800 (China Standard Time)

@panjf2000 yes i understand but can you also try out gnet ktls?
it's almost done and the issue i've mentioned here:
0-haha/gnet_tls_examples#2

do u think u can just have a quick patch on it? it's working except some connection stack overflow issue

ouvaa · Answer 5 · Thu Mar 28 2024 21:01:03 GMT+0800 (China Standard Time)

@panjf2000 possible to do something along this line so we can at least have a wrapper around the listener part?
i've checked gnet code and cant seem to find something similar

valyala/fasthttp#431

ouvaa · Answer 6 · Thu Mar 28 2024 21:19:47 GMT+0800 (China Standard Time)

@panjf2000 this repo support tls too but it's using an older version of gnet.
pls look into it

https://github.com/luyu6056/tls
https://github.com/luyu6056/bbs
https://github.com/luyu6056/gnet

ouvaa · Answer 7 · Fri Mar 29 2024 02:32:32 GMT+0800 (China Standard Time)

@panjf2000 i finished testing https://github.com/luyu6056/socks5

the http2 is amazing and it works. please incorporate into gnet examples etc

the tls works without http too.

please look into it. it may have some edge case

Andy Pan · Answer 8 · Fri Mar 29 2024 09:01:48 GMT+0800 (China Standard Time)

I'll see what I can do, but still, no specific guarantees for that.

ouvaa · Answer 9 · Fri Mar 29 2024 14:42:59 GMT+0800 (China Standard Time)

@panjf2000 u can really look at the https://github.com/luyu6056/tls etc repos mentioned or just use a wrapper around the listener part like fasthttp. the luyu6056 i've tested is working well but it's not multicore enabled or difficult to set.

i'll sponsor and help you get more sponsors once this is done. really need tls rather urgently. hope to see it done within 3 weeks. it's been too long and with luyu6056 done, and wrapper example shown, this shld be gnet's top priority. it's 2024 and without tls it's just not practical for business use.

thx in advance